The present invention relates to securing digital material in a general purpose media device and, more particularly but not exclusively, to a small portable data storage media device such as a flash disk. The secured material is of a type that the user is not intended to access directly, alter or copy. Examples of such material or files are copyright material, payment applications (electronic wallets), gaming, protected software, password protected documents, etc.
A digital storage unit such as a computer hard disk, a flash card, a key-chain storage device, etc. will be referred to herein as a digital storage device, or a media device. The use of non-volatile digital storage grew rapidly with the advancement of the computer market, and the requirement for mobile non-volatile storage has grown with the increased use of laptop computers. Furthermore, with the requirement for larger capacities for multimedia players such as the iPod player by Apple (www.apple.com/ipod), the requirement for digital storage continues to grow. Devices such as digital cameras and mobile phones use non-volatile memory cards such as flash cards by Sandisk (www.sandisk.com) to store images and other data. Other devices, of the key-chain storage family by M-Systems (www.m-sys.com), include USB connectivity so that the storage device can act as a floppy disk replacement. A media device, unlike a floppy disk, includes a controller with some RAM and/or ROM or other memory. The controller and memory are needed as these media devices become more complex, and for managing the device transparently to the appliance, for example in order to hide media defects.
In the discussion that follows, a sector refers to the smallest unit of independently addressable memory space in a media device, normally containing 512 bytes. A media device, such as a computer hard drive, was historically accessed by specifying the drive's Cylinder number, Head number, and Sector number (CHS). This is also referred to as accessing a drive through its “geometry”, where a hard drive has one or more cylinders, one or more heads to read/write, and a sector number within a specific cylinder and head that contains the stored data. A newer method for addressing sectors is called Logical Block Addressing, or LBA, where instead of referring to a drive's cylinder, head and sector number geometry, each sector is assigned a unique number. In essence, LBA is a method by which a drive is accessed by linearly addressing sector addresses. The LBA method is used for general media devices and will be used herein to define a virtual address in a media device. The digital appliance, such as a computer, may use one of several file systems to format and make use of the media device. This flexible usage is made possible by the sector level access of a media device. The purpose of a media device is usually to store data for its user or users. In cases where a permission system was necessary to protect one user's files from another user, such as in a multi-user environment, permission enforcement has been a software security policy, generally managed by the computer administrator. The computer administrator uses available functions of an application using the device, such as the operating system of a computer, to enforce a permission system. The disadvantage of such systems is that an administrator is needed, with all the accompanying security weaknesses. An alternative approach to a security policy for mobile devices was introduced to protect private and confidential files in case the mobile media device is lost or stolen.
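As an added illustration, not part of the patent text, the following Python code implements the CHS-to-LBA mapping described above for a device of 512-byte sectors; the geometry values used are constructed, and the bounds checks reflect that cylinder and head numbers are 0-based while sector numbers within a track are 1-based.

```python
# Added example (not from the patent text): the CHS <-> LBA mapping described
# above, for a media device of 512-byte sectors. Geometry values are constructed.
from dataclasses import dataclass

SECTOR_SIZE = 512  # bytes per sector, as stated in the text

@dataclass(frozen=True)
class Geometry:
    cylinders: int          # cylinder numbers are 0-based in CHS addressing
    heads: int              # head numbers are 0-based
    sectors_per_track: int  # sector numbers within a track are 1-based

    @property
    def total_sectors(self) -> int:
        return self.cylinders * self.heads * self.sectors_per_track

def chs_to_lba(geo: Geometry, c: int, h: int, s: int) -> int:
    """Map a (cylinder, head, sector) triple to its linear sector number."""
    if not (0 <= c < geo.cylinders and 0 <= h < geo.heads
            and 1 <= s <= geo.sectors_per_track):
        raise ValueError(f"CHS ({c},{h},{s}) outside geometry")
    return (c * geo.heads + h) * geo.sectors_per_track + (s - 1)

def lba_to_chs(geo: Geometry, lba: int) -> tuple:
    """Inverse mapping: linear sector number back to (cylinder, head, sector)."""
    if not 0 <= lba < geo.total_sectors:
        raise ValueError(f"LBA {lba} outside device of {geo.total_sectors} sectors")
    track, s = divmod(lba, geo.sectors_per_track)
    c, h = divmod(track, geo.heads)
    return c, h, s + 1

def lba_to_byte_offset(lba: int) -> int:
    """Byte offset of a sector's first byte in the device's linear address space."""
    return lba * SECTOR_SIZE

def round_trip_ok(geo: Geometry) -> bool:
    """Every LBA maps to a distinct CHS triple and back (small geometries only)."""
    seen = set()
    for lba in range(geo.total_sectors):
        chs = lba_to_chs(geo, lba)
        if chs in seen or chs_to_lba(geo, *chs) != lba:
            return False
        seen.add(chs)
    return True
```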
In such a case a software security policy is insufficient, as the holder of the storage media device can bypass the software permission policy in various ways. The user can, for example, become an administrator on his own computer and read the content of all connected media devices when the file permission policy is enforced by the host computer. Another approach to a security policy where file content is not directly accessible to the user is the use of Digital Rights Management, or DRM. DRM is a technique for offering protection over copyright digital content. Some protection schemes may include limitations on access to the digital content, such as limiting the amount of time for which content may be accessed, limiting the number of times content may be accessed, and so forth. In the case of copyright content under DRM, the content is not accessible to the user directly. For example, the user is not able to duplicate the content.

U.S. Patent Application No. 20040039932 to Elazar et al discloses a system for securing digital documents in a digital appliance, hereinafter Elazar et al. In Elazar et al, a DRM device is described which has computational power and its own non-volatile storage for managing and performing its DRM. The above solution, however, is problematic when the device serves more than the single purpose of DRM, for example media devices which are used both for DRM purposes and as general purpose storage devices. One solution involves dividing the device into two regions or zones. One zone, which is inaccessible to the user, is used by the DRM device. We will refer to this zone as the hidden DRM zone. The other zone is accessible to the user, and there the user can store his or her data. The Sandisk internet site http://www.sandisk.com/retail/booklocker.asp mentions that in their product “booklocker”, “Copyrighted content is stored in a separately partitioned secure zone in the flash drive, which is inaccessible to the user. An open zone on the drive may be used by the user for other purposes.” The solution of dividing the media into two zones causes several problems. These problems arise from the static nature of the two zones. For example, when one zone fills up the user may be confused, as the memory available to him is less than the memory size declared on the device. Furthermore, free space in the hidden zone may not be viewed or managed by the user. The hidden zone may not be used for user files and, similarly, the user free space may not be used for secure data files.

U.S. Patent Application No. 20030173400 to Morita et al, hereinafter Morita et al, discloses a storage card with an integral file system, access control and cryptographic support. In Morita et al, the described media device does not allow sector level access for the appliance to which the media device is connected. Instead the media device responds to file access commands. The approach of Morita et al protects file contents against unauthorized use. However, the use of such a media device as a standard storage device is limited, because the device does not offer sector level access and therefore cannot be formatted with a standard file system that can be mounted by the host appliance, such as a computer. This means that special drivers must be in place in order to use the device for storage. Furthermore, a proprietary file system has to be implemented on the media device, which is undesirable.
There is thus a widely recognized need for a media device that can store both user files and protected files securely and efficiently, and it would be highly advantageous to have such a system devoid of the above limitations.